Author: chris.laprun(a)jboss.com
Date: 2007-10-13 13:31:51 -0400 (Sat, 13 Oct 2007)
New Revision: 8632
Modified:
docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/clustering.xml
docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml
docs/trunk/referenceGuide/en/modules/clustering.xml
docs/trunk/referenceGuide/en/modules/sso.xml
Log:
- Updated to use 4.2.x information.
Modified: docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/clustering.xml
===================================================================
---
docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/clustering.xml 2007-10-13
17:12:01 UTC (rev 8631)
+++
docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/clustering.xml 2007-10-13
17:31:51 UTC (rev 8632)
@@ -163,22 +163,29 @@
</depends>
</mbean>
]]></programlisting>
- More information can be found <ulink
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossCacheHibernate&qu...;.
+ More information can be found <ulink
+
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossCacheHibernate&qu...;.
</para>
</sect2>
<sect2>
<title>Identity clustering</title>
- <para>JBoss Portal leverages the servlet container authentication for its
own authentication mechanism. When the user
- is authenticated on one particular node he will have to reauthenticate again if
he use another node of the cluster (during
- a failover for instance). This is valid only for the
<emphasis>FORM</emphasis> based authentication which is the default
- form of authentication that JBoss Portal uses. Fortunately JBoss provides
transparent reauthentication of the user called
- JBoss clustered SSO. Its configuration is in the file
<emphasis>$JBOSS_HOME/server/all/deploy/jbossweb-tomcat55.sar/server.xml</emphasis>
- and the clustered sso valve shall be uncommented
- <programlisting><![CDATA[
-<Valve className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
-]]></programlisting>
- More information can be found <ulink
url="http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn">h...;.
+ <para>JBoss Portal leverages the servlet container authentication for its
own authentication mechanism. When
+ the user is authenticated on one particular node he will have to
reauthenticate again if he use another
+ node of the cluster (during a failover for instance). This is valid only for
the <emphasis>FORM</emphasis>
+ based authentication which is the default form of authentication that JBoss
Portal uses. Fortunately JBoss
+ provides transparent reauthentication of the user called JBoss clustered SSO.
Its configuration can be found
+ in
<literal>$JBOSS_HOME/server/all/deploy/jboss-web.deployer/server.xml</literal>
and you will need to
+ uncomment the following valve:
+ <programlisting><![CDATA[<Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
/>]]></programlisting>
+
+ <note>
+ If you use JBoss 4.0.x, the files and valve are respectively:
+
<literal>$JBOSS_HOME/server/all/deploy/jbossweb-tomcat55.sar/server.xml</literal>
+ <programlisting><![CDATA[<Valve
className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn"
/>]]></programlisting>
+ </note>
+
+ More information can be found <ulink
url="http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn">h...;.
</para>
</sect2>
@@ -202,10 +209,12 @@
<title>Setup</title>
<para>We are going to outline how to setup a two node cluster on the same
machine in order to test JBoss Portal HA. The only
missing part from the full fledged setup is the addition of a load balancer in
front of Tomcat. However a lot of documentation
- exist on the subject. A detailed step by step setup of Apache and mod_jk is
available from the <ulink
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingMod_jk1.2WithJBos...
Wiki</ulink>.</para>
+ exist on the subject. A detailed step by step setup of Apache and mod_jk is
available from the <ulink
+
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingMod_jk1.2WithJBos...
Wiki</ulink>.</para>
<para>As we need two application servers running at the same time, we must
avoid any conflict. For instance we will
need Tomcat to bind its socket on two different ports otherwise a network conflict
will occur. We will leverage
- the service binding manager <ulink
url="http://docs.jboss.org/jbossas/jboss4guide/r3/html/ch10.html&quo...
chapter</ulink> of
+ the service binding manager <ulink
+
url="http://docs.jboss.org/jbossas/jboss4guide/r3/html/ch10.html&quo...
chapter</ulink> of
the JBoss AS documentation.</para>
<para>The first step is to copy the <emphasis>all</emphasis>
configuration of JBoss into two separate
configurations that we name <emphasis>ports-01</emphasis> and
<emphasis>ports-02</emphasis> :
@@ -244,9 +253,9 @@
into <emphasis>$JBOSS_HOME/server/ports-01/deploy</emphasis> and
<emphasis>$JBOSS_HOME/server/ports-02/deploy</emphasis>.
</para>
<para>Copy JBoss Portal HA to the deploy directory of the two
configurations.</para>
-
+
<!-- adding instruction about jboss cache versioning -->
- <para>
+ <para>
<emphasis>JBoss Cache Configuration Note :</emphasis> To
improve CMS performance JBoss Cache is leveraged to cache the content cluster wide.
We recommend that you use the following version of JBoss Cache for best
performance:
<itemizedlist>
Modified: docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml
===================================================================
--- docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml 2007-10-13
17:12:01 UTC (rev 8631)
+++ docs/branches/JBoss_Portal_Branch_2_6/referenceGuide/en/modules/sso.xml 2007-10-13
17:31:51 UTC (rev 8632)
@@ -19,7 +19,8 @@
the portal you gain access to many systems through portlets using a single
identity. Still in many cases you
need to integrate the portal infrastructure with other SSO enabled systems. There
are many different Identity Management
solutions on the market. In most cases each SSO framework provides its own way to
plug into Java EE application. For custom configurations
- you need to have a good understanding of <link
linkend="identity">JBoss Portal Identity management</link> and <link
linkend="authentication">authentication</link>
+ you need to have a good understanding of <link
linkend="identity">JBoss Portal Identity management</link> and
<link
+ linkend="authentication">authentication</link>
mechanisms.</para>
</sect1>
<sect1>
@@ -32,12 +33,14 @@
<sect2>
<title>Enabling Tomcat SSO Valve</title>
<para>
- To enable SSO valve in Tomcat you should edit
<emphasis>$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml</emphasis>
file and uncomment
- following line:
- <programlisting>
- <![CDATA[
-<Valve className=’org.apache.catalina.authenticator.SingleSignOn’/>]]>
- </programlisting>
+ To enable SSO valve in Tomcat you should uncomment the following line
+ <programlisting><![CDATA[<Valve
className=’org.apache.catalina.authenticator.SingleSignOn’/>]]></programlisting>
+ in the
<literal>$JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml</literal>
file.
+ <note>
+ On JBoss 4.0.x the configuration file is
+
<literal>$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml</literal>
+ </note>
+ More information can be found <ulink
url="http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn">h...;.
</para>
</sect2>
<sect2>
@@ -45,7 +48,8 @@
<para>
Lets look a little bit closer and configure SSO between portal and other web
application. As an example
we'll use <emphasis>jmx-console</emphasis> web-app that comes
with every JBoss Application Server installation.
- You can find more information on how to secure
<emphasis>jmx-console</emphasis> in <ulink
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole&qu... AS
wiki</ulink>.
+ You can find more information on how to secure
<emphasis>jmx-console</emphasis> in <ulink
+
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole&qu... AS
wiki</ulink>.
</para>
<orderedlist>
<listitem>
@@ -127,12 +131,15 @@
</listitem>
<listitem>
<para>
- Edit
<emphasis>$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml</emphasis>
file and uncomment
- following line:
- <programlisting>
- <![CDATA[
-<Valve className=’org.apache.catalina.authenticator.SingleSignOn’/>]]>
- </programlisting>
+ Uncomment the following line
+ <programlisting><![CDATA[<Valve
className=’org.apache.catalina.authenticator.SingleSignOn’/>]]></programlisting>
+ in the
<literal>$JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml</literal>
file.
+ <note>
+ On JBoss 4.0.x the configuration file is
+
<literal>$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml</literal>
+ </note>
+ More information can be found <ulink
+
url="http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn">h...;.
</para>
<para>
Run JBoss Application Server.
Modified: docs/trunk/referenceGuide/en/modules/clustering.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/clustering.xml 2007-10-13 17:12:01 UTC (rev
8631)
+++ docs/trunk/referenceGuide/en/modules/clustering.xml 2007-10-13 17:31:51 UTC (rev
8632)
@@ -163,22 +163,29 @@
</depends>
</mbean>
]]></programlisting>
- More information can be found <ulink
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossCacheHibernate&qu...;.
+ More information can be found <ulink
+
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossCacheHibernate&qu...;.
</para>
</sect2>
<sect2>
<title>Identity clustering</title>
- <para>JBoss Portal leverages the servlet container authentication for its
own authentication mechanism. When the user
- is authenticated on one particular node he will have to reauthenticate again if
he use another node of the cluster (during
- a failover for instance). This is valid only for the
<emphasis>FORM</emphasis> based authentication which is the default
- form of authentication that JBoss Portal uses. Fortunately JBoss provides
transparent reauthentication of the user called
- JBoss clustered SSO. Its configuration is in the file
<emphasis>$JBOSS_HOME/server/all/deploy/jbossweb-tomcat55.sar/server.xml</emphasis>
- and the clustered sso valve shall be uncommented
- <programlisting><![CDATA[
-<Valve className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn" />
-]]></programlisting>
- More information can be found <ulink
url="http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn">h...;.
+ <para>JBoss Portal leverages the servlet container authentication for its
own authentication mechanism. When
+ the user is authenticated on one particular node he will have to
reauthenticate again if he use another
+ node of the cluster (during a failover for instance). This is valid only for
the <emphasis>FORM</emphasis>
+ based authentication which is the default form of authentication that JBoss
Portal uses. Fortunately JBoss
+ provides transparent reauthentication of the user called JBoss clustered SSO.
Its configuration can be found
+ in
<literal>$JBOSS_HOME/server/all/deploy/jboss-web.deployer/server.xml</literal>
and you will need to
+ uncomment the following valve:
+ <programlisting><![CDATA[<Valve
className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn"
/>]]></programlisting>
+
+ <note>
+ If you use JBoss 4.0.x, the files and valve are respectively:
+
<literal>$JBOSS_HOME/server/all/deploy/jbossweb-tomcat55.sar/server.xml</literal>
+ <programlisting><![CDATA[<Valve
className="org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn"
/>]]></programlisting>
+ </note>
+
+ More information can be found <ulink
url="http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn">h...;.
</para>
</sect2>
@@ -202,10 +209,12 @@
<title>Setup</title>
<para>We are going to outline how to setup a two node cluster on the same
machine in order to test JBoss Portal HA. The only
missing part from the full fledged setup is the addition of a load balancer in
front of Tomcat. However a lot of documentation
- exist on the subject. A detailed step by step setup of Apache and mod_jk is
available from the <ulink
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingMod_jk1.2WithJBos...
Wiki</ulink>.</para>
+ exist on the subject. A detailed step by step setup of Apache and mod_jk is
available from the <ulink
+
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingMod_jk1.2WithJBos...
Wiki</ulink>.</para>
<para>As we need two application servers running at the same time, we must
avoid any conflict. For instance we will
need Tomcat to bind its socket on two different ports otherwise a network conflict
will occur. We will leverage
- the service binding manager <ulink
url="http://docs.jboss.org/jbossas/jboss4guide/r3/html/ch10.html&quo...
chapter</ulink> of
+ the service binding manager <ulink
+
url="http://docs.jboss.org/jbossas/jboss4guide/r3/html/ch10.html&quo...
chapter</ulink> of
the JBoss AS documentation.</para>
<para>The first step is to copy the <emphasis>all</emphasis>
configuration of JBoss into two separate
configurations that we name <emphasis>ports-01</emphasis> and
<emphasis>ports-02</emphasis> :
@@ -244,17 +253,17 @@
into <emphasis>$JBOSS_HOME/server/ports-01/deploy</emphasis> and
<emphasis>$JBOSS_HOME/server/ports-02/deploy</emphasis>.
</para>
<para>Copy JBoss Portal HA to the deploy directory of the two
configurations.</para>
-
+
<!-- adding instruction about jboss cache versioning -->
- <para>
+ <para>
<emphasis>JBoss Cache Configuration Note :</emphasis> To
improve CMS performance JBoss Cache is leveraged to cache the content cluster wide.
We recommend that you use the following version of JBoss Cache for best
performance:
<itemizedlist>
<listitem><emphasis>JBoss Cache 1.4.0.SP1 and
above</emphasis></listitem>
- <listitem><emphasis>JGroups 2.2.7 or
2.2.8</emphasis></listitem>
- </itemizedlist>
+ <listitem><emphasis>JGroups 2.2.7 or
2.2.8</emphasis></listitem>
+ </itemizedlist>
When building from source the following command: {core}/build.xml
deploy-ha automatically upgrades your JBoss
- Cache version.
+ Cache version.
</para>
<para>
<emphasis>Alternative: </emphasis> If upgrading your JBoss
Cache version is not an option, the following configuration
@@ -295,10 +304,10 @@
<attribute name="CacheLoaderFetchTransientState">false</attribute>
<attribute
name="CacheLoaderFetchPersistentState">false</attribute>
<attribute name="CacheLoaderAsynchronous">false</attribute>
]]></programlisting>
-
+
</para>
-
-
+
+
<para>Finally we can start both servers, open two shells and execute :
<programlisting><![CDATA[
cd $JBOSS_HOME/bin
@@ -310,9 +319,9 @@
]]></programlisting>
</para>
</sect1>
-
-
+
+
<sect1 id="portlet_session_replication">
<title>Portlet Session Replication</title>
<para>Web containers offer the capability to replicate sessions of web
applications. In the context of a portal using portlets the use case is different. The
portal itself is a web application
Modified: docs/trunk/referenceGuide/en/modules/sso.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/sso.xml 2007-10-13 17:12:01 UTC (rev 8631)
+++ docs/trunk/referenceGuide/en/modules/sso.xml 2007-10-13 17:31:51 UTC (rev 8632)
@@ -19,7 +19,8 @@
the portal you gain access to many systems through portlets using a single
identity. Still in many cases you
need to integrate the portal infrastructure with other SSO enabled systems. There
are many different Identity Management
solutions on the market. In most cases each SSO framework provides its own way to
plug into Java EE application. For custom configurations
- you need to have a good understanding of <link
linkend="identity">JBoss Portal Identity management</link> and <link
linkend="authentication">authentication</link>
+ you need to have a good understanding of <link
linkend="identity">JBoss Portal Identity management</link> and
<link
+ linkend="authentication">authentication</link>
mechanisms.</para>
</sect1>
<sect1>
@@ -32,12 +33,14 @@
<sect2>
<title>Enabling Tomcat SSO Valve</title>
<para>
- To enable SSO valve in Tomcat you should edit
<emphasis>$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml</emphasis>
file and uncomment
- following line:
- <programlisting>
- <![CDATA[
-<Valve className=’org.apache.catalina.authenticator.SingleSignOn’/>]]>
- </programlisting>
+ To enable SSO valve in Tomcat you should uncomment the following line
+ <programlisting><![CDATA[<Valve
className=’org.apache.catalina.authenticator.SingleSignOn’/>]]></programlisting>
+ in the
<literal>$JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml</literal>
file.
+ <note>
+ On JBoss 4.0.x the configuration file is
+
<literal>$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml</literal>
+ </note>
+ More information can be found <ulink
url="http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn">h...;.
</para>
</sect2>
<sect2>
@@ -45,7 +48,8 @@
<para>
Lets look a little bit closer and configure SSO between portal and other web
application. As an example
we'll use <emphasis>jmx-console</emphasis> web-app that comes
with every JBoss Application Server installation.
- You can find more information on how to secure
<emphasis>jmx-console</emphasis> in <ulink
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole&qu... AS
wiki</ulink>.
+ You can find more information on how to secure
<emphasis>jmx-console</emphasis> in <ulink
+
url="http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole&qu... AS
wiki</ulink>.
</para>
<orderedlist>
<listitem>
@@ -127,12 +131,15 @@
</listitem>
<listitem>
<para>
- Edit
<emphasis>$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml</emphasis>
file and uncomment
- following line:
- <programlisting>
- <![CDATA[
-<Valve className=’org.apache.catalina.authenticator.SingleSignOn’/>]]>
- </programlisting>
+ Uncomment the following line
+ <programlisting><![CDATA[<Valve
className=’org.apache.catalina.authenticator.SingleSignOn’/>]]></programlisting>
+ in the
<literal>$JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml</literal>
file.
+ <note>
+ On JBoss 4.0.x the configuration file is
+
<literal>$JBOSS_HOME/server/default/deploy/jbossweb-tomcat55.sar/server.xml</literal>
+ </note>
+ More information can be found <ulink
+
url="http://www.jboss.org/wiki/Wiki.jsp?page=SingleSignOn">h...;.
</para>
<para>
Run JBoss Application Server.
@@ -369,7 +376,7 @@
]]>
</programlisting>
This will expose special service in JBoss Portal that can be leveraged by
JOSSO Credential and Identity Stores if the server is deployed on the same
- application server instance.
+ application server instance.
</listitem>
<listitem>
Edit
<emphasis>$JBOSS_HOME/server/default/deploy/josso.ear/josso.war/WEB-INF/classes/josso-gateway-config.xml</emphasis>
and configure following elements: